Skip to content

Commit 262c1a7

Browse files
committed
Remove SecurityHeaders
We no longer need this since Spring Framework now provides HttpHeaders.setBearerAuth Issue: gh-5612
1 parent c26d7dc commit 262c1a7

File tree

5 files changed

+6
-53
lines changed

5 files changed

+6
-53
lines changed

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,6 @@
1616

1717
package org.springframework.security.oauth2.client.userinfo;
1818

19-
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
2019

2120
import java.net.UnknownHostException;
2221
import java.util.HashSet;
@@ -114,7 +113,7 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest)
114113
requestHeadersSpec = this.webClient.get()
115114
.uri(userInfoUri)
116115
.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
117-
.headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
116+
.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
118117
}
119118
Mono<Map<String, Object>> userAttributes = requestHeadersSpec
120119
.retrieve()

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,6 @@
4848
import java.util.function.Consumer;
4949

5050
import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
51-
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
5251

5352
/**
5453
* Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -190,7 +189,7 @@ private boolean shouldRefresh(OAuth2AuthorizedClient authorizedClient) {
190189

191190
private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
192191
return ClientRequest.from(request)
193-
.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
192+
.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
194193
.build();
195194
}
196195

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,6 @@
5656
import java.util.function.Consumer;
5757

5858
import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
59-
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
6059

6160
/**
6261
* Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -338,7 +337,7 @@ private boolean shouldRefresh(OAuth2AuthorizedClient authorizedClient) {
338337

339338
private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
340339
return ClientRequest.from(request)
341-
.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
340+
.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
342341
.build();
343342
}
344343

samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,6 @@
2525
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
2626
import org.springframework.test.web.reactive.server.WebTestClient;
2727

28-
import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
29-
3028
/**
3129
* @author Rob Winch
3230
* @since 5.1
@@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
4240
public void getWhenValidTokenThenIsOk() {
4341
String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
4442
this.rest.get().uri("/")
45-
.headers(bearerToken(token))
43+
.headers(headers -> headers.setBearerAuth(token))
4644
.exchange()
4745
.expectStatus().isOk()
4846
.expectBody(String.class).isEqualTo("Hello, null!");
@@ -60,7 +58,7 @@ public void getWhenNoTokenThenIsUnauthorized() {
6058
public void getWhenNone() {
6159
String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
6260
this.rest.get().uri("/")
63-
.headers(bearerToken(token))
61+
.headers(headers -> headers.setBearerAuth(token))
6462
.exchange()
6563
.expectStatus().isUnauthorized()
6664
.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@@ -70,7 +68,7 @@ public void getWhenNone() {
7068
public void getWhenInvalidToken() {
7169
String token = "a";
7270
this.rest.get().uri("/")
73-
.headers(bearerToken(token))
71+
.headers(headers -> headers.setBearerAuth(token))
7472
.exchange()
7573
.expectStatus().isUnauthorized()
7674
.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");

web/src/test/groovy/org/springframework/security/web/http/SecurityHeadersTests.java

Lines changed: 0 additions & 42 deletions
This file was deleted.

0 commit comments

Comments
 (0)